24 September 2012

Dropbox locked me out

I know Dropbox had a few security issues recently that required them to add an extra security layer, like the 2-step verification. And that's great! But not allowing its users to somehow recover their account access is a little bit frustrating. It all started when I bought a new phone (Samsung Galaxy S3) at the same time that I was changing carriers (so, a different phone number).

Thing is, I missed the opportunity to log in to my Dropbox account to change my phone number, before ending the contract with the previous carrier. And that got me into a weird situation.

Right before ending the carrier contract, I turned on my SGS3, logged in with my Google account and with my Dropbox account, and got 50GB of extra space thanks to Samsung and its partnership with Dropbox. Important note: I still have access to my Dropbox account on my SGS3 through Dropbox's own Android application.

So I still had the 2-step verification code on my old phone. But after loading lots and lots of apps to the SGS3, and with Dropbox connected, functional and so on, I decided it was OK to Data Factory reset that old phone. Shame on me: I forgot to save that 2svc.

So I emailed Dropbox explaining this, and then I got this reply:

Matthew B. - Dropbox Support, Sep 17 03:09 pm (PDT):
Hi Bruno,
Thanks for contacting the Dropbox Support! I'd be happy to help you out.
If you can, please try to log in to the website through a computer that you have already logged in on since you enabled 2FA. This way you can head to the settings and disable 2FA, and then re-enable it.
If you are unable to log in under any machine, please let me know!
Best,
Matthew

So I replied to him saying that no, I do not have access to my Dropbox account from any computer. Why? Cookies expire, you know? And Dropbox is not the kind of service that we access that often. This time, a new support guy replied this:

Kevin - Dropbox Support, Sep 19 12:20 am (PDT):
Hi Bruno,
Unfortunately, for security purposes, if you can't enter the two-step code, and you failed to store the emergency backup code, we have no way to help you regain access to your Dropbox account.
If you still have access to a computer with your Dropbox files on it, you can transfer your files to your new account by unlinking and relinking your Dropbox desktop application to your new account.
For detailed instructions on how to do this, visit https://www.dropbox.com/help/25
Please let me know if there is anything else I can do for you.
Best,
Kevin

Ok, let me put this straight:

  1. I don't have access to my Dropbox from a desktop
  2. I do have access to my Dropbox account from my phone
    1. I can CRUD all files in there
  3. Dropbox says that, for security purposes, they have no way to help me regain access
  4. Dropbox ignores the fact of #2 and #2-1, which is not secure at all, if I wasn't... me
  5. I am able to change my account password without 2-step verif. code

So Dropbox, update your Android app, so I can turn off the 2-step verification, like I would do if I had access from a desktop as you told me to do.

Tip for services like this: if you ever offer some high priority, so freaking important feature like this in your web interface, make sure your mobile app has that same feature.

Box.net, prepare for some mass uploads arriving today in the meanwhile.

2 comments:

Geraldo Protta said...

It would be comical if it weren't tragic, but it happened to me exactly today.
I updated iOS, and I was using Google Authenticator to log in to Dropbox.
With all the apps reset at the same time, I was locked out too.
I think I'm also going to move to Box.net, where I have more space.

Geraldo Protta said...

In my case, I MANAGED TO RECOVER access to my account.
Since I still had a machine linked to my account through the sync system, I used the "Launch Dropbox Website" option, which took me directly to my Dropbox account already logged in, so I could disable the "2-step verification".

Contact

Email: bruno.borges(at)gmail.com

LinkedIn: www.linkedin.com/in/brunocborges
Twitter: www.twitter.com/brunoborges